Juniper Networks Secure Access SSL VPN Configuration Guide

Realms, roles, and resources are known to the vast majority of IVE administrators as simply the "3 Rs." The reason is simple: each builds on the one before it in a way that can't be separated. The realm is perhaps the easiest to define, and the configuration becomes much more granular as you work your way down through roles and resources. That is the order we need to follow if we are to fully understand and appreciate the overall benefit of this architecture.
So, what are the 3 Rs? They are quite simple (see Figure 3.1):
Realms simply define the authentication, authorization, and auditing services for a specific group of users, along with the ability to map those users to each of their roles. Realms can even apply a wide array of authentication policies to ensure that users are only allowed to log in under the specific conditions that have been allowed by the administrator. To the user, the primary contact with realms is the sign-in page, and each user can authenticate to only one realm at a time.
Roles are what users ultimately belong to. If you are an employee in the accounting department with a management title, your roles are probably something like Everyone, Accounting, and Management. Since you have mapped to all three roles, once you are logged in you will simply see the sum of all the allowed resources. Just like realms, individual roles may be restricted from...
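The role merge described above, as an added illustration (not from the guide, and not IVE configuration syntax): the realm name, rule attributes, role-to-resource assignments and function names are all hypothetical. It maps a user to roles within one realm, computes the sum of allowed resources, and records which roles grant each one, which is what an access review needs when roles overlap.

```python
# Added illustration; names and data are hypothetical, not IVE configuration syntax.
from collections import defaultdict

# Constructed sample: realm role-mapping rules as (user attribute, value, role).
REALM_RULES = {
    "Employees": [
        ("group", "*", "Everyone"),
        ("department", "accounting", "Accounting"),
        ("title", "manager", "Management"),
    ],
}

# Constructed sample: resources each role allows.
ROLE_RESOURCES = {
    "Everyone": {"intranet-home", "webmail"},
    "Accounting": {"ledger-app", "webmail"},
    "Management": {"hr-reviews", "ledger-app"},
}

def map_roles(realm, user):
    """Return every role whose mapping rule matches; a user signs in to one realm."""
    roles = []
    for attr, value, role in REALM_RULES[realm]:
        if value == "*" or user.get(attr) == value:
            roles.append(role)
    return roles

def effective_access(realm, user):
    """Merge resources across all mapped roles, remembering which roles grant each."""
    granted_by = defaultdict(list)
    for role in map_roles(realm, user):
        for resource in ROLE_RESOURCES.get(role, ()):
            granted_by[resource].append(role)
    return dict(granted_by)

def access_delta(realm, user, role):
    """Resources the user would lose if `role` were unmapped (granted by it alone)."""
    return {r for r, roles in effective_access(realm, user).items() if roles == [role]}

if __name__ == "__main__":
    alice = {"group": "staff", "department": "accounting", "title": "manager"}
    for resource, roles in sorted(effective_access("Employees", alice).items()):
        print(f"{resource:14} via {', '.join(roles)}")
    print("only via Management:", access_delta("Employees", alice, "Management"))
```

Because the merge is a union, removing a role only revokes the resources that no other mapped role also grants; here unmapping Accounting alone changes nothing for this user.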